|
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
using Microsoft.DotNet.Cli.Utils;
namespace Microsoft.DotNet.Cli.SdkVulnerability;
/// <summary>
/// Triggers background cache refresh for SDK vulnerability/EOL metadata.
/// Called from RestoringCommand (build/restore commands only).
/// </summary>
internal static class SdkVulnerabilityNotifier
{
/// <summary>
/// Kicks off a background cache refresh if the sentinel indicates it's due.
/// Does not emit warnings — that's handled by the CheckSdkVulnerabilities MSBuild task.
/// </summary>
public static void BackgroundUpdateCacheIfNeeded(string? sdkVersion = null)
{
#if !DOT_NET_BUILD_FROM_SOURCE
try
{
sdkVersion ??= Product.Version;
var cache = new SdkReleaseMetadataCache();
if (cache.IsDisabled())
{
return;
}
// Check if either the sentinel is stale or we don't have cached data
// for this specific SDK version. Covers the case where the user switches
// between SDK versions (e.g., via global.json) within the sentinel interval.
if (!cache.IsDueForUpdate() && cache.ReadCachedSummary(sdkVersion) is not null)
{
return;
}
_ = Task.Run(async () =>
{
try
{
await cache.UpdateCacheAsync(sdkVersion).ConfigureAwait(false);
}
catch
{
// Never surface errors from background updates
}
});
}
catch
{
// Never let vulnerability cache refresh break CLI execution
}
#endif
}
}
|